RUSTSEC-2025-0126

See a problem?
Please try reporting it to the source first.
Source
https://rustsec.org/advisories/RUSTSEC-2025-0126
Import Source
https://github.com/rustsec/advisory-db/blob/osv/crates/RUSTSEC-2025-0126.json
JSON Data
https://api.test.osv.dev/v1/vulns/RUSTSEC-2025-0126
Aliases
Published
2025-10-18T12:00:00Z
Modified
2025-11-28T02:45:41.271355Z
Summary
Heap-buffer-overflow in nftnl::Batch::with_page_size (nftnl-rs)
Details

A heap-buffer-overflow vulnerability exists in the Rust wrapper for libnftnl, triggered via the nftnl::Batch::withpagesize constructor. When a small or malformed page size is provided, the underlying C code allocates an insufficient buffer, leading to out-of-bounds writes during batch initialization.

The flaw was fixed in commit 94a286f by adding an overflow check:

batch_page_size
    .checked_add(crate::nft_nlmsg_maxsize())
    .expect("batch_page_size is too large and would overflow");

Mitigation

Upgrade to version 0.9.0 or later, which aborts instead.

Database specific 
{
    "license": "CC0-1.0"
}
References

Affected packages

crates.io / nftnl

Package

Name
nftnl
View open source insights on deps.dev
Purl
pkg:cargo/nftnl

Affected ranges

Type
SEMVER
Events
Introduced
0.0.0-0
Fixed
0.9.0

Ecosystem specific 

{
    "affects": {
        "os": [],
        "arch": [],
        "functions": []
    },
    "affected_functions": null
}

Database specific

informational

null

categories

[
    "memory-corruption"
]

cvss

null